Azure SQL Server,是否可以禁用服务器管理(创建后)? [英] Azure SQL Server, is it possible to disable server admin (after creation)?
问题描述
案例
我要使用Azure SQL Server,如有关如何保护Azure SQL Server的最佳做法使用AAD帐户进行访问很好您的服务器/数据库,而不是SQL帐户。
I want to work with Azure SQL Server, as noted in the best practices how to secure Azure SQL Server it is good to use AAD account for accessing your server/database instead of SQL Accounts.
我阅读了Microsoft文档站点和博客上的几篇文章,但是我找不到禁用/删除服务器管理员帐户,在拥有Azure SQL Server和已创建的AAD SQL管理员并将其附加到Azure SQL Server之后。
I read several posts on the documentation site of Microsoft and blogs, but I cannot find that it is possible to disable/remove the Server Admin account, after you have the Azure SQL Server and an created AAD SQL Administrator and attached it to Azure SQL Server.
我知道服务器管理员登录名和密码是必填项,当您创建Azure SQL时,但我希望在创建服务器和AAD SQL管理员后可以删除它。
I know Server Admin Login and Password is mandatory, when you create the Azure SQL, but I hoped it was possible to delete after creation of server and AAD SQL Admin.
为什么要这样做?
- 有足够多的公司必须裁定(必须从本地继承)
- 必须完成密码轮换,如果您拥有一个集中式身份存储,而不必为一个身份验证存储进行操作,则容易得多。很多Azure SQL Server。
问题
是否可以禁用SQL Server Admin(SQL帐户)?
Is it possible to disable the SQL Server Admin (sql account)?
推荐答案
我不相信这是(或可能)可以禁用SQL Server管理员。
I don't believe it is (or can be) possible to disable the SQL Server Admin.
Azure订阅所有者和AAD SQL管理员身份具有Azure SQL的联合所有权服务器。要么需要重新获得对服务器的管理访问权限。
The Azure Subscription Owner and the AAD SQL Admin identity have joint ownership of the Azure SQL Server. Either one needs to be able to re-acquire administrative access to the server.
Azure订阅所有者用来强制进入自己的数据库的机制是:
And the mechanism that the Azure Subscription Owner uses to force their way into their own database is to reset the SQL Server Admin password from the Azure Portal.
这大致类似于Windows管理员如何通过以单一方式启动服务来强制sysadmin访问SQL Server,用户模式。
This is roughly analogous to how a Windows Administrator can force sysadmin access to a SQL Server by starting the service in single-user mode.
我认为您最好的办法是扔掉SQL Server Admin的密码,因此没有人可以在不首先重置密码的情况下使用该帐户登录。门户。 EG运行:
I think the best you can do is to throw away the SQL Server Admin's password, so no one could log in using that account without first resetting the password in the portal. EG run:
declare @sql nvarchar(max) = concat(N'alter LOGIN [youradmin] WITH PASSWORD=N''',newid(), N'''')
exec (@sql)
这篇关于Azure SQL Server,是否可以禁用服务器管理(创建后)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
